@appcircle/react-native-code-push 0.0.2-alpha.5 → 0.0.3-alpha.1

package/README.md

@@ -1,5 +1,20 @@
 # Appcircle React Native CodePush SDK
 
+## Table of Contents
+1. [Overview](#overview)
+2. [Features](#features)
+3. [Installation](#installation)
+4. [Platform Setup](#platform-setup)
+    - [iOS Setup](#ios-setup) 
+    - [Android Setup](#android-setup)
+5. [Basic Usage](#basic-usage)
+6. [Releasing Updates](#releasing-updates)
+    - [Manual Release](#manual-release)
+    - [Automated Release](#automated-release)
+7. [Multi-Deployment Testing](#multi-deployment-testing)
+8. [Code Signing](#code-signing)
+
+
 ## Overview
 
 Appcircle React Native CodePush SDK enables you to deploy mobile app updates directly to your users' devices through Appcircle's CI/CD platform. This integration allows you to automate your deployment process and manage your app updates efficiently.
@@ -107,6 +122,54 @@ The SDK supports multiple deployment environments through Appcircle:
 - **Production**: For end-user updates
 - **Custom Deployments**: For A/B testing or specific user groups
 
+## Code Signing
+
+The SDK supports code signing which ensures that every over‑the‑air (OTA) JavaScript bundle your React Native application receives originates from a trusted source and has not been altered in transit.
+
+### Configuration of Code Signing
+
+Generate the key pairs. Use OpenSSL (or your preferred cryptographic toolkit) to create a 4096‑bit RSA key pair—or an ECC key with curve P‑256—store the private key securely. And then store the private key securely.
+
+```bash
+# generate private RSA key
+openssl genrsa -out private_codepush_signing_key.pem
+# export public key
+openssl rsa -pubout -in private_codepush_signing_key.pem -out public_codepush_signing_key.pem
+```
+
+### Setup and Installation
+After generating the private and public keys locally, you must make a few configuration changes in your application. Begin by adding the generated public key to the project that you intend to sign, ensuring it is accessible at build time for signature verification.
+
+#### For iOS, add the following to the `Info.plist`:
+```swift
+<key>CodePushPublicKey</key>
+    <string>-----BEGIN PUBLIC KEY-----
+        Here is your public key
+    -----END PUBLIC KEY-----</string>
+```
+
+#### For Android, add the following to the `Strings.xml`:
+```java
+<resources>
+    <string name="app_name">my_app</string>
+    <string name="CodePushPublicKey">-----BEGIN PUBLIC KEY-----
+        Here is your public key
+    -----END PUBLIC KEY-----</string>
+</resources>
+```
+
+### Signing CodePush Release
+To create a signed CodePush release, you must first generate a build from your codebase with the public key already embedded. The resulting `.ipa` and `.apk` artifacts now contain the public key, enabling them to identify properly signed CodePush releases and safely apply OTA updates.
+
+Once your binary is configured with the public key, you can publish a **signed** CodePush release through the **Appcircle CodePush CLI**:
+
+```bash
+appcircle-code-push release-react <YOUR_APP_PROFILE_NAME> <platform> -d <DEPLOYMENT_CHANNEL_NAME> --privateKeyPath <YOUR_PRIVATE_KEY_PATH>
+```
+
+Replace `<YOUR_APP_PROFILE_NAME>` with the CodePush Profile name shown in the Appcircle dashboard, update the `-d` flag as needed (e.g., *Staging*). The `--privateKeyPath` flag must reference the **same private key** you used to generate the public key embedded in the app; the CLI will sign the bundle before uploading it to Appcircle.
+
+For more details, refer to the [Appcircle documentation.](https://docs.appcircle.io/code-push/code-push-code-signing)
 
 ## Contributing
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appcircle/react-native-code-push",
-  "version": "0.0.2-alpha.5",
+  "version": "0.0.3-alpha.1",
   "description": "React Native plugin for the CodePush service",
   "main": "CodePush.js",
   "typings": "typings/react-native-code-push.d.ts",